From owner-freebsd-ports-bugs@FreeBSD.ORG Fri Jan 30 12:20:07 2009 Return-Path: Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 99B561065672 for ; Fri, 30 Jan 2009 12:20:07 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 73E258FC26 for ; Fri, 30 Jan 2009 12:20:07 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n0UCK4cm065926 for ; Fri, 30 Jan 2009 12:20:04 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n0UCK45F065925; Fri, 30 Jan 2009 12:20:04 GMT (envelope-from gnats) Resent-Date: Fri, 30 Jan 2009 12:20:04 GMT Resent-Message-Id: <200901301220.n0UCK45F065925@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Thomas Sandford Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9B2FA106571F; Fri, 30 Jan 2009 12:12:17 +0000 (UTC) (envelope-from tdgsandf@miriam.paradisegreen.co.uk) Received: from miriam.paradisegreen.co.uk (miriam.paradisegreen.co.uk [81.187.228.6]) by mx1.freebsd.org (Postfix) with ESMTP id EB7A08FC1A; Fri, 30 Jan 2009 12:12:16 +0000 (UTC) (envelope-from tdgsandf@miriam.paradisegreen.co.uk) Received: from miriam.paradisegreen.co.uk (localhost [127.0.0.1]) by miriam.paradisegreen.co.uk (8.14.2/8.14.2) with ESMTP id n0UBu9EX002770; Fri, 30 Jan 2009 11:56:09 GMT (envelope-from tdgsandf@miriam.paradisegreen.co.uk) Received: (from root@localhost) by miriam.paradisegreen.co.uk (8.14.2/8.14.2/Submit) id n0UBu8H0002769; Fri, 30 Jan 2009 11:56:08 GMT (envelope-from tdgsandf) Message-Id: <200901301156.n0UBu8H0002769@miriam.paradisegreen.co.uk> Date: Fri, 30 Jan 2009 11:56:08 GMT From: Thomas Sandford To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Cc: security-team@FreeBSD.org Subject: ports/131156: vuxml update for security vulnerability: ports:www/typo3. X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 30 Jan 2009 12:20:07 -0000 >Number: 131156 >Category: ports >Synopsis: vuxml update for security vulnerability: ports:www/typo3. >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Fri Jan 30 12:20:03 UTC 2009 >Closed-Date: >Last-Modified: >Originator: Thomas Sandford >Release: FreeBSD 7.0-RELEASE-p6 i386 >Organization: >Environment: System: FreeBSD miriam.paradisegreen.co.uk 7.0-RELEASE-p6 FreeBSD 7.0-RELEASE-p6 #0: Mon Nov 24 06:43:33 UTC 2008 root@i386-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386 >Description: vuxml for vendor security report for TYPO3 --- vuln.xml.patch1 begins here --- --- vuln.xml.old 2009-01-30 11:46:07.000000000 +0000 +++ vuln.xml 2009-01-30 11:48:27.000000000 +0000 @@ -34,6 +34,38 @@ --> + + typo3 -- Multiple vulnerabilities in TYPO3 Core + + + typo3 + 4.2.4 + + + + +

Vendor reports:

+
+

Broken Authentication and Session Management Cross-Site Scripting Insecure Randomness and Remote Command Execution. + +Overall severity: High

+
+ + + + http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001 + CVE-2009-0255 + CVE-2009-0256 + CVE-2009-0257 + CVE-2009-0258 + 33376 + + + 2009-01-20 + 2009-01-30 + + + moinmoin -- multiple cross site scripting vulnerabilities --- vuln.xml.patch1 ends here --- >How-To-Repeat: >Fix: >Release-Note: >Audit-Trail: >Unformatted: